DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
DODI <strong>8500.2</strong>, February 6, 2003<br />
5.7.9.3. Collect and retain audit data to support technical analysis relating<br />
to misuse, penetration reconstruction, or other investigations, and provide this data to<br />
appropriate law enforcement or other investigating agencies.<br />
5.7.10. Ensure that contracts include requirements to protect <strong>DoD</strong> sensitive<br />
information, and that the contracts are monitored for compliance.<br />
5.7.11. Ensure that access to all <strong>DoD</strong> information systems and to specified<br />
types of information (e.g., intelligence, proprietary) under their purview is granted only<br />
on a need-to-know basis according to <strong>DoD</strong> Directive 8500.1 (reference (a)), and that all<br />
personnel having access are appropriately cleared or qualified under the provisions of<br />
<strong>DoD</strong> 5200.2-R (reference (r)).<br />
5.7.12. Ensure that Public Key Infrastructure (PKI) implementation within<br />
<strong>DoD</strong> Component-owned or -controlled <strong>DoD</strong> information systems complies with<br />
guidance, as established.<br />
5.7.13. Ensure implementation of the <strong>DoD</strong> ports and protocols management<br />
process according to guidance, as established.<br />
5.7.14. Ensure that all biometrics technology intended for integration into<br />
<strong>DoD</strong> information and weapon systems is coordinated with the <strong>DoD</strong> Biometrics<br />
Management Office and acquired according to <strong>DoD</strong> policy and procedures, as<br />
established.<br />
5.7.15. Ensure that appropriate notice of privacy rights and security<br />
responsibilities are provided to all individuals accessing <strong>DoD</strong> Component-owned or<br />
-controlled <strong>DoD</strong> information systems.<br />
5.7.16. Ensure that <strong>DoD</strong> Component-owned or -controlled <strong>DoD</strong> information<br />
systems are assessed for IA vulnerabilities on a regular basis, and that appropriate IA<br />
solutions to eliminate or otherwise mitigate identified vulnerabilities are implemented.<br />
5.7.17. Designate individuals authorized to receive code-signing certificates<br />
and ensure that such designations are kept to a minimum consistent with operational<br />
requirements.<br />
5.7.18. Ensure that IA solutions do not unnecessarily restrict the use of<br />
assistive technology by individuals with disabilities or access to or use of information<br />
and data by individuals with disabilities in accordance with sections 501, 504, and 508 of<br />
the Rehabilitation Act of 1973 (29 U.S.C. 791, 794, and 794d) (reference (s)).<br />
7